<?php
if(!defined('IN_DISCUZ')) exit('Access Denied');
header('Content-Type: application/json');

global $_G;
$uid = $_G['uid'];
if(!$uid) {
    $data = [
        'success' => false,
        'message' => '请先登录'
    ];
    echo json_encode($data);
    exit;
}

if(!submitcheck('formhash')) {
    $data = [
        'success' => false,
        'message' => '请求来源验证失败'
    ];
    echo json_encode($data);
    exit;
}

// 检查是否包含非法字符
$form_data = $_POST['data'];
$pattern = "/[<>\'\"\\\&\x00-\x08\x0b\x0c\x0e-\x1f\$\r\n\t]|\.{2}/"; // 禁止< > ' " \ & \b, \t, \n, \r $ .. 等特殊字符
if(is_array($form_data)) {
    foreach($form_data as $key => $value) {
        if(is_string($value) && preg_match($pattern, $value)) {
            $data = [
                'success' => false,
                'message' => '输入内容包含非法字符',
            ];
            header('Content-Type: application/json');
            echo json_encode($data);
            exit;
        }
    }
}

$er_name = isset($_GET['er_name']) ? trim($_GET['er_name']) : '';

// er_name映射
$allowed_er_names = [
    'gridad' => 'gridad.php',

];

if(empty($er_name) || !isset($allowed_er_names[$er_name])) {
    $data = [
        'success' => false,
        'message' => '无效的请求'
    ];
    echo json_encode($data);
    exit;
}

// 加载对应的API文件
$api_file = dirname(__FILE__) . '/api/' . $allowed_er_names[$er_name];
if(file_exists($api_file)) {
    require_once $api_file;
} else {
    $data = [
        'success' => false,
        'message' => 'API文件不存在'
    ];
    echo json_encode($data);
    exit;
}